Samba 3.4.12

This is a security release in order to address CVE-2011-0719.

All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.

(Updated 28-February-2011)

Monday, February 28 - Samba 3.4.12 has been released to address CVE-2011-0719.

Samba 3.4.9

This is a security release in order to address CVE-2010-3069.

All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.

(Updated 14-September-2010)

Tuesday, September 14 - Samba 3.4.9 has been released to address CVE-2010-3069.

Samba 3.4.7

This is a security release in order to address CVE-2010-0728.

In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access.

(Updated 09-March-2010)

Monday, March 8 - Samba 3.4.7 has been released to address CVE-2010-0728.

Samba 3.4.2

This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.

In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected.

Printing Changes:

Internal changes:

The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL.

Samba3 and Samba4 do now share a common tevent library.

The code has been cleaned up and the major basic interfaces are shared with Samba4 now.

An asynchronous API has been added.

Configuration changes

!!! ATTENTION !!!

The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration! Please use 'passdb backend = smbpasswd' if you would like to stick to the 'smbpasswd' backend or convert your smbpasswd entries using e.g. 'pdbedit -i smbpasswd -e tdbsam'.

The 'tdbsam' backend is much more flexible concerning per user settings like 'profile path' or 'home directory' and there are some commands which do not work with the 'smbpasswd' backend at all.

General Changes

On the way towards a standalone Samba AD domain controller, Samba3 and Samba4 branches can be built as "merged" build. That's why Samba3 and Samba4 sources are included in the tarball. The merged build is possible in Samba 3.4.0, but
disabled by default. To learn more about the merged build, please see http://wiki.samba.org/index.php/Franky.

According to this one, there is no "source" directory included in the tarball at all. Samba3 sources are located in "source3", Samba4 sources are located in "source4". The libraries have been moved to the toplevel directory.

To build plain Samba3, please change to "source3" and start the build as usual. To build Samba4 as well, please use the "--enable-merged-build" configure option.

Authentication Changes

Previously, when Samba was a domain member and a client was connecting using an untrusted domain name, such as BOGUS\user smbd would remap the untrusted domain to the primary domain smbd was a member of and attempt authentication
using that DOMAIN\user name.

This differed from how a Windows member server would behave. Now, smbd will replace the BOGUS name with it's SAM name. In the case where smbd is acting as a PDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server this will be WORKSTATION\user. Thus, smbd will never assume that an incoming user name which is not qualified with the same primary domain, is part of smbd's primary domain.

While this behavior matches Windows, it may break some workflows which depended on smbd to always pass through bogus names to the DC for verification. A new parameter "map untrusted to domain" can be enabled to revert to the legacy
behavior.

Printing Changes

The spoolss subsystem was replaced by autogenerated code based on PIDL. That fixes several printing issues including printer change notificiation on Samba print servers and will stabilize the printing functionality generally. The support for spoolss printing with Windows Vista has been improved.

Internal Changes

The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL.

So Guenther Deschner finally corrected one of the biggest mistakes in the development of Samba: Hand-marshalled RPC stubs.

Thanks a lot! :-)

Samba3 and Samba4 do now share a common tevent library for fd and timer events.

The code has been cleaned up and Samba3 and Samba4 do share the major basic interfaces now. That is why the libraries were moved to the toplevel directory. That is one of the first steps to share code and minimize the gap between
these two versions.